Do we need a Risk Register for ISO 9001:2015

Z

zoolieu

#1
It appears that a "risk register" is not required for ISO 9001:2015.
We always post issues, situations, risks, concerns and potential problems on a large dry erase board so that the issues do not get forgotten.
Would it also be necessary to draft a register to house these risks and resolutions in?
We have our audit in 3 weeks.
On a side note - we are a distributor (not MFG) and very small company of 5
 
Elsmar Forum Sponsor
B

BoardGuy

#2
Although 6.1 specifies that the organization shall plan action to address risk there is:

a) No requirement for formal methods for risk management
b) No requirement to document risk management process
c) No requirement to retain documented information as evidence of determination of risks.

This part of the Standard has developed in to a cottage industry of risk based thinking gurus that could lead you in to performing FMEAs for all process. We developed a simple spreadsheet that addresses both Section 4 and 6.1 requirements. Our spreadsheet looks at:

a) Interested parties and their reason for interest
b) Internal issues of concern
c) External issues of concern
e) Organizational risks and how they are addressed

In the end you should not just create something to address 6.1. You should develop needed information that is helpful to top management and the organization.
 
Z

zoolieu

#3
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
 

Kronos147

Trusted Information Resource
#4
At our shop, we found something we already capture, NCR's, in our NCR log, and added an NCR classification, Risk.

We look to see what methods we already have and expand upon them as opposed to develop new processes.

We also have a quote review checklist. We added a section to document Risks.

We have a process to qualify vendors and issue PO's. We integrated risk management.
 
B

BoardGuy

#5
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
 
Z

zoolieu

#6
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
 
J

Jim Green

#7
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
I am not an expert, but I would keep it in an electronic folder. Then present hard copy during Mgr Review. That way it's covered.

In my experience, the more you have presented in Mgr Review, the more efficient and easy your external/3rd party audits tend to be.

I am going to start off very simple at first. Trying to capture major processes, and see how it goes.
 
Z

zoolieu

#8
So - I have a bit to add that I hope will deem helpful.
You do NOT have to have a "register" per se, but you do need to have a MR, so that all has to be integrated. We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
 

Mark Meer

Trusted Information Resource
#9
We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
I would strongly suggest moving this activity to a shared document/spreadsheet, instead of a dry-erase board. ISO requirements aside, I think it's important to have some lasting record of activities you do... it makes it easier to look back later and make decisions based on past activities.

Google Docs is a good possibility as it is free, any number of people can collaborate simultaneously, and revision histories are maintained.

If people are at their computers daily, you could set it to people's home-page, thus (more-or-less) ensuring that everyone sees it daily...
 

dsanabria

Quite Involved in Discussions
#10
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
You could do a "PM" Private Message and not make your documentation to the whole world - thus not violating proprietary laws because no one will know or find out. :cool:
 
Thread starter Similar threads Forum Replies Date
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
V How to Publish/Convince Stake Holders about need/utility of Risk Management Systems FMEA and Control Plans 6
S Do HF Accessories need to perform a Risk Management Process of 60601-1:2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
W Need risk acceptance policy/criteria ISO 14971 - Medical Device Risk Management 3
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
R Reduce the need for authorisation of low risk changes Document Control Systems, Procedures, Forms and Templates 3
Q Does a gage used for a visual verification need to be calibrated? Manufacturing and Related Processes 7
B Hi , everyone i need a procedure for validation of design prototype api 6d (valve manufacturing) Oil and Gas Industry Standards and Regulations 1
J Do we need to raise concessions for every noted deviation under AS9100 Manufacturing and Related Processes 3
M Need to set up a "crisis management and business continuity plan" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
D MDR technical file: does it need to contain duplicates of controlled documents EU Medical Device Regulations 2
R Customer Returns / RMA's & the need for NCR's AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
T Need advice on what inspection equipment to buy. General Measurement Device and Calibration Topics 2
Sam.F Do heat treatment ovens need calibration? General Measurement Device and Calibration Topics 22
T Need 5 why’s help AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
H Need guidance on importation of Custom-made devices into Japan Japan Medical Device Regulations 1
T Need help understanding AS6174 clause 3.1.5. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
B Spare parts of medical device need CE mark? EU Medical Device Regulations 0
F Change in address for critical supplier - does NB need to be informed? CE Marking (Conformité Européene) / CB Scheme 20
leftoverture REACH Folks - We Need Common Sense! RoHS, REACH, ELV, IMDS and Restricted Substances 23
B Whose waste carrier licence do I need? ISO 14001:2015 Specific Discussions 8
I I need some fun examples of teaching the 5 Whys Lean in Manufacturing and Service Industries 43
R First Time Managing Calibration and Measurement System. Need Help. General Measurement Device and Calibration Topics 19
M CE marked medical device - do they need UKAS certified calibration provider ISO 17025 related Discussions 4
C I need some clearing on requirements of Asuring the validity of results ISO 17025 related Discussions 2
C Need help in determining applicable clause for an audit finding (based on AS9120B) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
K Subcontractors Providing Services Under MDD or MDR need ISO 13485 from EU Notified Body? CE Marking (Conformité Européene) / CB Scheme 8
E Need some peer advice Quality Manager and Management Related Issues 18
S Need clarification on UKCA and "Approved Body" UK Medical Device Regulations 7
S What types of changes need to be notified to NBs? Registrars and Notified Bodies 1
B Do I need a Cleanroom to manufacture Medical Devices? ISO 13485:2016 - Medical Device Quality Management Systems 2
J CMO in Canada do they need MDSAP/13485 certification? ISO 13485:2016 - Medical Device Quality Management Systems 1
M Attempting to Poke Yoke a wire crimping process...need help Design and Development of Products and Processes 3
C I need your help to find the action plan for these quality objectives Misc. Quality Assurance and Business Systems Related Topics 23
ChrisM Class 1 non-sterile device, need certified QMS or not? EU Medical Device Regulations 2
Steve Prevette I need a template to solve world hunger, a world class Quality Program, and make lots of money Coffee Break and Water Cooler Discussions 5
C Need to understand difference between an actual Calibration vs. a Calibration check General Measurement Device and Calibration Topics 3
S How many tester quantity we need on the line based on the cycle time and peak volume Manufacturing and Related Processes 3
R Need help on calibration result analysis Measurement Uncertainty (MU) 17
M Do i need to have equipment validation if 100% testing is completed? Qualification and Validation (including 21 CFR Part 11) 6
G Need Help with Run @ Rate for Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 0
F Need help in IMS management review Management Review Meetings and related Processes 3
S I need help in corrective action plan Nonconformance and Corrective Action 15
A Do clinical performance studies for IVDs need to be conducted in a member state? EU Medical Device Regulations 2
A Do clinical performance studies for IVDs need to be conducted in a member state? CE Marking (Conformité Européene) / CB Scheme 0

Similar threads

Top Bottom